
cloudflare/redoctober


Description: Go server for two-man rule style file encryption and decryption.

Language: Go

License: NOASSERTION

Stars: 1417

Forks: 147

Open issues: 23

Created: 2013-11-19T01:15:58Z

Pushed: 2026-05-04T15:52:43Z

Default branch: master

Fork: no

Archived: yes

README:

> [!WARNING]
> This project is no longer actively developed.

Red October
===========

Red October is a software-based two-man rule style encryption and decryption server.

Building
--------

![Go Test](https://github.com/cloudflare/redoctober/actions/workflows/go.yml) ![Coverage Status](http://codecov.io/github/cloudflare/redoctober?branch=master)

Note: `GODEBUG=x509ignoreCN=0` must be set at runtime (#204).

This project requires Go 1.16 or later to compile.

Running
-------

Red October is a TLS server. It requires a local file to hold the key vault, an internet address, and a certificate keypair.

First you need to acquire a TLS certificate. The simplest (and least secure) way is to skip the Certificate Authority verification and generate a self-signed TLS certificate. Read this detailed guide or, alternatively, follow these insecure commands:

```sh
$ mkdir cert
$ chmod 700 cert

# Generate private key with password "password"
$ openssl genrsa -aes128 -passout pass:password -out cert/server.pem 2048

# Remove password from private key
$ openssl rsa -passin pass:password -in cert/server.pem -out cert/server.pem

# Generate CSR (make sure the common name CN field matches your server
# address. It's set to "localhost" here.)
$ openssl req -new -key cert/server.pem -out cert/server.csr -subj '/C=US/ST=California/L=Everywhere/CN=localhost'

# Sign the CSR and create certificate
$ openssl x509 -req -days 365 -in cert/server.csr -signkey cert/server.pem -out cert/server.crt

# Clean up
$ rm cert/server.csr
$ chmod 600 cert/*
```

You're ready to run the server:

```sh
$ ./bin/redoctober -addr=localhost:8080 \
    -vaultpath=diskrecord.json \
    -certs=cert/server.crt \
    -keys=cert/server.pem
```

Quick start: example webapp
---------------------------

At this point Red October should be serving an example webapp. Access it using your browser:

Using the API
-------------

The server exposes several JSON API endpoints. JSON of the prescribed format is POSTed and JSON is returned.

| Path | Summary |
| ---- | ------- |
| [/create](#create) | Create the first admin account |
| [/create-user](#create-user) | Create a user |
| [/summary](#summary) | Display summary of the delegated keys and Red October users |
| [/delegate](#delegate) | Delegate a key to Red October |
| [/purge](#purge) | Delete all delegated keys |
| [/password](#password) | Change password for the authenticating user |
| [/encrypt](#encrypt) | Encrypt provided data with specified owners and predicates |
| [/re-encrypt](#re-encrypt) | Change encryption parameters of already encrypted data (delegation requirements must be met) |
| [/decrypt](#decrypt) | Decrypt provided data assuming necessary delegation requirements have been met |
| [/ssh-sign-with](#ssh-sign-with) | Sign data as an SSH oracle without disclosing the SSH private key (delegation requirements must be met) |
| [/owners](#owners) | List owners (those who can delegate to allow decryption) of a provided encrypted secret |
| [/modify](#modify) | Modify an existing user (delete, set admin flag, revoke admin flag) |
| [/export](#export) | Exports the internal vault, which contains encrypted user private keys, hashed passwords, public keys and other RO internal data |
| [/order](#order) | Adds an Order request to delegate credentials with the specific parameters requested |
| [/orderout](#orders-outstanding) | Returns a list of Order structures for all outstanding orders |
| [/orderinfo](#order-information) | Returns the Order structure for a specified OrderNum |
| [/ordercancel](#order-cancel) | Cancel the Order with the specified OrderNum |
| [/restore](#restore) | Restore delegations from a persisted state (if configured). Operates like a /delegate call |
| [/reset-persisted](#reset-persisted) | Deletes all delegations from the persisted state (if configured) |
| [/status](#status) | Returns the status of the persistent store of delegated keys (if configured) |
| [/index](#web-interface) | Optionally, the server can host a static HTML file |

Create
------

Create is the necessary first call to a new vault. It creates an admin account.

| Requires Authentication | Requires Admin |
| ----------------------- | -------------- |
| No | No |

Request:

```json
{
  "Name": "User1",
  "Password": "User1Password"
}
```
  • Name must start with an alphanumeric character and then can contain any alphanumeric character, '-', or '_' after the first character (required)
  • Password must be at least one character long (required)

Response:

```json
{
  "Status": "ok"
}
```
  • Status will be "ok" if successful or an error string if not.

Assumptions:

  • This API call can only be called on an uninitialized vault and will fail on any call after the first user is created.
  • The user created with this call is an Admin account.
  • This user will use the passvault.DefaultRecordType, which is RSA.

Example query:

```sh
$ curl --cacert cert/server.crt https://localhost:8080/create \
    -d '{"Name":"Alice","Password":"Lewis"}'
{"Status":"ok"}
```
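The same call from Go, as an added example that is not part of the redoctober project: NewClient pins the self-signed cert/server.crt the way the curl example's --cacert does (never the system trust store), and Call POSTs the JSON request and checks the Status field; the same Call serves /create-user by adding "UserType" to the request map. The base URL https://localhost:8080 and the certificate path are assumed from the README's own commands.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"errors"
	"io"
	"net/http"
)

// ParseStatus decodes the {"Status": "..."} body every endpoint returns and
// turns anything but "ok" into an error, so it is never mistaken for success.
func ParseStatus(body io.Reader) error {
	var r struct{ Status string }
	if err := json.NewDecoder(body).Decode(&r); err != nil {
		return err
	}
	if r.Status != "ok" {
		return errors.New(r.Status)
	}
	return nil
}

// NewClient trusts only the pinned PEM (the self-signed cert/server.crt from
// the README, as curl --cacert does) and never the system trust store.
func NewClient(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CERTIFICATE block in CA PEM")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// Call POSTs req as JSON to one API path (for /create the README's curl body
// is map[string]string{"Name": "Alice", "Password": "Lewis"}) and checks Status.
func Call(c *http.Client, base, path string, req any) error {
	buf, err := json.Marshal(req)
	if err != nil {
		return err
	}
	resp, err := c.Post(base+path, "application/json", bytes.NewReader(buf))
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	return ParseStatus(resp.Body)
}
```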

Create User
-----------

Create User creates a new user account.

| Requires Authentication | Requires Admin |
| ----------------------- | -------------- |
| No | No |

Request:

```json
{
  "Name": "User1",
  "Password": "User1Password!",
  "UserType": "ECC",
  "HipchatName": ""
}
```
  • Name must be unique within the RedOctober vault (required)
  • Password must be at least one character long (required)
  • UserType can be "RSA" or "ECC" (optional, will default to "RSA")
  • HipchatName specifies the HipChat username for Order notifications if configured (optional)

Response:

```json
{
  "Status": "ok"
}
```
  • Status will be "ok" if successful or an error string if not.

Assumptions:

  • Anyone who can access the…
